Get to know the bad guys before they strike

Using link analysis to fight fraud in retail bank operations

By Dan Barta, Enterprise Fraud Specialist at SAS

How easily could your bank find the connection between these two things: A bank employee opening accounts and account applicants using the same employer phone number? Now add a twist, say the employee was a floater working in multiple branches? And the applicants opening credit card accounts were doing it with that employer telephone number and travelling to locations not near their residence or workplace.

When a bank we were working with discovered this connection they realized that an organized fraud ring was potentially attacking the bank to perform a credit card bust out scheme that could have potentially been shut down far sooner.

Think of link analysis as a high-tech way to get to know the town crooks before they fleece you.

Rules, models and anomaly detection are all key to helping banks fight fraud, but for some types of organized activity link analysis is critical. Rules based methods for identifying potentially fraudulent activity are limited by the need to stay in compliance with fair lending regulations and laws. You can’t deny credit, or refuse to open accounts, for everyone using the same employer phone number because there is a link with a past customer with which the bank realized a fraud loss from a bust-out. And anomaly detection works – but sometimes after the fraud has been perpetuated extensively.

Think of link analysis as a high-tech way to get to know the town crooks before they fleece you. Link analysis can identify unknown associations among the bank’s customer and account portfolio. One of the best ways to use it is at the earliest point at which banks and customers interact -- the account opening. Historically, banks have made account opening decisions – whether a DDA or credit card account – based on the information provided in the application and performing a traditional credit bureau check. This may be sufficient but it also may leave the bank exposed to risk from organized fraud or the use of synthetic identities. These risks offer a potential use of network or link analysis.

Needless to say, banks cannot grant or deny credit based simply upon a link or relationship between two individuals. But the information derived from link analysis can help assess customer risk and prompt the bank to perform additional due diligence before opening a checking account, issuing a credit card or opening other types of unsecured credit lines. Knowledge of links between applicants and/or accounts closed for fraud or cause and the existing bank portfolio may reveal close personal or professional associations or may uncover the use of synthetic identities to open accounts. This added information should prompt additional due diligence prior to placing the financial institution at additional risk by opening the account.

In addition to periodically performing the comparisons mentioned above, a bank can also develop “profiles” of specific demographic data and monitor these profiles over time. For example, is the bank realizing a steep increase in the use of a particular device ID, physical address, or other information in the application process that may indicate a fraud perpetrator on the other end developing an “inventory” of accounts to abuse at a later time.

In this day of big data, banks need to take advantage of all that is available to understand the fraud and risk landscape as well as possible and take actions that protect the bank from risk. The added benefit of link analysis and demographic data profiles is the opportunity to find the crooks before they commit fraud.